psecio
HTML Output
Does this tool need to have some kind of HTML output handling? I know the RIPS tool used to have something like this, so I'm wondering if it's that useful.
The primary target of this tool is to be a command-line application but adding a generator like that wouldn't be too difficult (especially if it's just parsing the output from the command line). It might be better as a separate project though (parse-html?)
I wouldn't mind having HTML output. For instance, a CI server could generate HTML reports for easy access via a web page. And I've got a legacy project that throws violations all over the place. Having an easily navigable HTML page might be easier to use that the massive dump at the end of a run.
If it's a separate project, I would prefer to have it as a plugin.
I could see it being a plugin...I was thinking of something similar to what RIPS used to do where it would show:
- Total counts of issues
- Number of scanned files
- Scan timing
- The actual contents of the files with the highlighted issues where they were found
I was thinking that the HTML tool might just parse the XML (or whatever) output of the main parse execution. That way it wouldn't need to be generated every time. I'm not sure a security scanner needs to be in the business of generating HTML.
Ok. I didn't understand what you meant by a separate tool. I could see having a conversion tool that converts from the standard output format to whatever. Of course, the only target I can think of right off hand is HTML. But if you want multiple parsable output formats, you could include just one in the main tool and hand off any further conversions to the formatter tool.